OAuth config for client credentials authentication with Microsoft Dynamics CRM on-premise

Question

We have MSD CRM on-prem IFD setup with OAuth configured We have already performed following steps:-

1. Created ADFS application
2. Created application user in CRM with the Application ID
3. Added following transform rules:- (1)Pass through Primary SID (2)Pass through UPN (3)Transform Win Acc Name to name

We are still not able to generate a valid token with grant_type=client_credentials

Please help me understand why grant_type=client_credentials is not generating a valid token when we try to use this token to access CRM entity it throws 401

Note:- we are able to generate a valid token with access CRM entity with grant_type=password

Currently trying this via Postman

Answer 1

ADFS does support client credentials authentication and we can also use grant application permission to access the CRM, but the problem is we need an application user to connect to CRM on-prem endpoint (Same as azure application user needed to connect to online MSD CRM) and currently, Microsoft does not support application users in CRM on-prem. The conclusion is currently it is not possible to connect to Microsoft Dynamics CRM endpoint with client credentials (OAuth Client Secret or Client Certificate) Note:- OAuth Password grant works

To create and register the application follow this Microsoft Doc